-
Notifications
You must be signed in to change notification settings - Fork 13
159 lines (152 loc) · 4.73 KB
/
release.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
name: Release
on:
push:
tags:
- v*
workflow_dispatch:
inputs: {}
env:
CIBW_BUILD: "cp310-* cp311-* cp312-* cp313-*"
jobs:
Build-Linux:
strategy:
matrix:
include:
- runner: ubuntu-latest
cibw_arch: aarch64
- runner: ubuntu-latest
cibw_arch: x86_64
runs-on: ${{ matrix.runner }}
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set up QEMU
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a
with:
platforms: arm64
- name: Build wheels
uses: pypa/cibuildwheel@ee63bf16da6cddfb925f542f2c7b59ad50e93969
env:
CIBW_ENVIRONMENT: PATH=$(pwd)/go/bin:$PATH
CIBW_BEFORE_ALL: sh ci-setup-golang.sh
CIBW_SKIP: "*musllinux*"
CIBW_ARCHS: ${{ matrix.cibw_arch }}
- name: Upload Artifacts
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: wheels-linux-${{ matrix.cibw_arch }}
path: ./wheelhouse/*.whl
Build-Windows:
runs-on: windows-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
with:
go-version: "1.21.5"
cache: true
cache-dependency-path: "gotfparse/go.sum"
- name: Build wheels
uses: pypa/cibuildwheel@ee63bf16da6cddfb925f542f2c7b59ad50e93969
env:
CGO_ENABLED: 1
CIBW_ARCHS: AMD64
- name: Upload Artifacts
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: wheels-windows
path: ./wheelhouse/*.whl
Build-MacOS:
strategy:
matrix:
include:
- cibw_arch: "x86_64"
go_arch: "amd64"
- cibw_arch: "arm64"
go_arch: "arm64"
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Set up Go
uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34
with:
go-version: "1.21.5"
cache: true
cache-dependency-path: "gotfparse/go.sum"
- name: Build wheels
uses: pypa/cibuildwheel@ee63bf16da6cddfb925f542f2c7b59ad50e93969
env:
CGO_ENABLED: 1
CIBW_ARCHS: ${{ matrix.cibw_arch }}
GOARCH: ${{ matrix.go_arch }}
- name: Upload Artifacts
uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08
with:
name: wheels-macos-${{ matrix.cibw_arch }}
path: ./wheelhouse/*.whl
Gather:
needs: [Build-Linux, Build-MacOS, Build-Windows]
runs-on: ubuntu-latest
outputs:
hash: ${{ steps.hash.outputs.hash }}
steps:
- name: Fetch Wheels
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
pattern: "wheels-*"
path: dist
merge-multiple: true
- name: Display downloaded artifacts
run: ls -lh dist
- name: Generate Hashes
id: hash
run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
Provenance:
needs: [Gather]
permissions:
actions: read
id-token: write
contents: write
# Can't pin with hash due to how this workflow works.
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
with:
base64-subjects: ${{ needs.Gather.outputs.hash }}
Release:
runs-on: ubuntu-latest
needs: [Provenance]
permissions:
contents: write
if: startsWith(github.ref, 'refs/tags/')
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Fetch Wheels
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
pattern: "*"
path: dist
merge-multiple: true
- name: Create Release
uses: ncipollo/release-action@v1
with:
artifacts: "dist/*"
token: ${{ github.token }}
draft: false
generateReleaseNotes: true
Upload:
needs: [Release]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
permissions:
id-token: write
steps:
- name: Fetch Wheels
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16
with:
pattern: "wheels-*"
path: dist
merge-multiple: true
- name: Upload to PYPI
uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc